sssd: access restriction bypass
| Package(s): | sssd | CVE #(s): | CVE-2011-1758 | ||||
| Created: | May 5, 2011 | Updated: | May 11, 2011 | ||||
| Description: | From the Red Hat Bugzilla entry: A flaw was introduced in SSSD 1.5.0 that, under certain conditions, would have sssd overwrite a cached password with the filename of the kerberos credential store (defined by krb5_ccache_template in sssd.conf). This could allow an attacker to gain access to an account without knowing the password if they knew the cached-credential string. | ||||||
| Alerts: |
| ||||||